<%@LANGUAGE="VBSCRIPT" CODEPAGE="936"%>
<!--#include file="inc/conn.asp"-->
<!--#include file="inc/meta.asp"-->
<!--#include file="inc/md5.asp"-->
<%dim admin,password,verifycode
admin=replace(trim(request("admin")),"'","")
password=md5(replace(trim(request("password")),"'",""))
verifycode=replace(trim(request("verifycode")),"'","")

if admin="" or password="" then
response.Write "<script LANGUAGE='javascript'>alert('管理员帐号或密码不能为空，请输入！');history.go(-1);</script>"
response.end
end if
if verifycode="" then
response.Write "<script LANGUAGE='javascript'>alert('验证码不能为空，请输入！');history.go(-1);</script>"
response.end
end if
if session("getcode")="" then
response.Write "<script LANGUAGE='javascript'>alert('你登录时间过长，请返回登录页面重新登录！');history.go(-1);</script>"
response.end
end if
if cstr(session("getcode"))<>cstr(trim(request("verifycode"))) then
response.Write "<script LANGUAGE='javascript'>alert('请输入正确的验证码！');history.go(-1);</script>"
response.end
end if

set rs=server.CreateObject("adodb.recordset")
rs.Open "select * from admin where admin='"&admin&"' and password='"&password&"' " ,conn,1,3
if not(rs.bof and rs.eof) then
if password=rs("password") then
rs("lastloginIP")=Request.ServerVariables("REMOTE_ADDR")
rs("lastlogintime")=now()
rs("logintimes")=rs("logintimes")+1
rs.update
session("admin")=trim(rs("admin"))
session("password")=trim(rs("password"))
session("flag")=int(rs("flag"))
session.Timeout=10
rs.Close
set rs=nothing
response.Redirect "index.asp"
else
response.write "<script LANGUAGE='javascript'>alert('用户名或密码错误，登陆失败！');history.go(-1);</script>"
end if
else
response.write "<script LANGUAGE='javascript'>alert('用户名或密码错误，登陆失败！');history.go(-1);</script>"
end if
%>
<%call CloseConn()%>